Unfortunately, there is no easy answer to your question. There are several guidelines for securing servers depending upon whether they are Unix-based Apache servers or Microsoft IIS servers. These are available from SANS, NSA and other places. There is also a tip on searchSecurity for protecting your Web servers. Clearly, you will want all sensitive traffic to be protected by SSL or other encryption between your customers and your Web server. If any information is stored on the Web server, it should be encrypted. If you are using third-party hosting services, you will need to find a way to get that information back to you securely. You might be interested in a paper I wrote in 1999 entitled "Are Secure Internet Transactions Really Secure?" However, there is no single magic program to install that makes your server secure.